diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml index 3f60893..93a8d13 100644 --- a/.github/workflows/terraform-apply.yml +++ b/.github/workflows/terraform-apply.yml @@ -26,6 +26,7 @@ env: TF_VAR_aws_region: ${{ vars.TF_AWS_REGION }} TF_VAR_ami_id: ${{ vars.TF_AMI_ID }} TF_VAR_instance_type: ${{ vars.TF_INSTANCE_TYPE }} + TF_VAR_volume_size: ${{ vars.TF_VOLUME_SIZE }} TF_VAR_key_pair_name: ${{ vars.TF_KEY_PAIR_NAME }} TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }} TF_VAR_domain_name: ${{ vars.TF_DOMAIN_NAME }} diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml index d86c022..e735abb 100644 --- a/.github/workflows/terraform-plan.yml +++ b/.github/workflows/terraform-plan.yml @@ -18,6 +18,7 @@ env: TF_VAR_aws_region: ${{ vars.TF_AWS_REGION }} TF_VAR_ami_id: ${{ vars.TF_AMI_ID }} TF_VAR_instance_type: ${{ vars.TF_INSTANCE_TYPE }} + TF_VAR_volume_size: ${{ vars.TF_VOLUME_SIZE }} TF_VAR_key_pair_name: ${{ vars.TF_KEY_PAIR_NAME }} TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }} TF_VAR_domain_name: ${{ vars.TF_DOMAIN_NAME }} @@ -55,7 +56,8 @@ jobs: run: | terraform plan -out=tfplan.out \ -var="ami_id=ami-005fc0f236362e99f" \ - -var="instance_type=t2.large" + -var="instance_type=t2.large" \ + -var="volume_size=16" working-directory: ./terraform - name: Save Plan JSON @@ -85,13 +87,15 @@ jobs: run: | infracost breakdown --path=./terraform --format=table --out-file=/tmp/infracost-new.txt \ --terraform-var "ami_id=ami-005fc0f236362e99f" \ - --terraform-var "instance_type=t2.large" + --terraform-var "instance_type=t2.large" \ + --terraform-var "volume_size=16" infracost diff --path=./terraform \ --format=json \ --compare-to=/tmp/infracost-base.json \ --out-file=/tmp/infracost.json \ --terraform-var "ami_id=ami-005fc0f236362e99f" \ - --terraform-var "instance_type=t2.large" + --terraform-var "instance_type=t2.large" \ + --terraform-var "volume_size=16" - name: Post Infracost Comment run: | 
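Review bot: `TF_VAR_volume_size` is read from `vars.TF_VOLUME_SIZE` in the terraform-apply env block, but the plan step in terraform-plan.yml passes `-var="volume_size=16"` on the command line, and a `-var` flag takes precedence over a `TF_VAR_*` environment variable, so the size that is planned and costed (16 GB, also hard-coded in both infracost calls in the third hunk) can differ from the size that is actually applied. The same pattern already exists for `ami_id` and `instance_type`, so this commit widens an existing plan/apply drift rather than creating it; the terraform-validate.yml hunk adds the same env line. I would drop the three `-var="volume_size=16"` / `--terraform-var "volume_size=16"` additions and let all three workflows read the one repository variable, or pass `-var="volume_size=${{ vars.TF_VOLUME_SIZE }}"` so plan, cost estimate and apply agree. If `TF_VOLUME_SIZE` is not defined for the repository, the env value expands to an empty string; whether Terraform then falls back to the variable's default or rejects it for a `number` variable should be confirmed before relying on it.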
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index 43b2cbb..be87342 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -15,6 +15,7 @@ env:
   TF_VAR_aws_region: ${{ vars.TF_AWS_REGION }}
   TF_VAR_ami_id: ${{ vars.TF_AMI_ID }}
   TF_VAR_instance_type: ${{ vars.TF_INSTANCE_TYPE }}
+  TF_VAR_volume_size: ${{ vars.TF_VOLUME_SIZE }}
   TF_VAR_key_pair_name: ${{ vars.TF_KEY_PAIR_NAME }}
   TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }}
   TF_VAR_domain_name: ${{ vars.TF_DOMAIN_NAME }}
diff --git a/ansible/compose.yml.j2 b/ansible/compose.yml.j2
deleted file mode 100644
index 17399f3..0000000
--- a/ansible/compose.yml.j2
+++ /dev/null
@@ -1,144 +0,0 @@ -include: - - compose.monitoring.yml -services: - frontend: - image: maestrops/frontend:latest - env_file: - - frontend/.env - depends_on: - - backend - expose: - - "5173" - labels: - - "traefik.enable=true" - # HTTP Router - - "traefik.http.routers.frontend-http.rule=(Host(`{{ frontend_domain }}`) || Host(`www.{{ frontend_domain }}`))" - - "traefik.http.routers.frontend-http.entrypoints=web" - - "traefik.http.services.frontend.loadbalancer.server.port=5173" - # www to non-www redirect - - "traefik.http.routers.frontend-https.middlewares=www-to-non-www" - # HTTPS Router - - "traefik.http.routers.frontend-https.rule=(Host(`{{ frontend_domain }}`) || Host(`www.{{ frontend_domain }}`))" - - "traefik.http.routers.frontend-https.entrypoints=websecure" - - "traefik.http.routers.frontend-https.tls.certresolver=letsencryptresolver" - - "traefik.http.routers.frontend-https.service=frontend" # optional - - networks: - - app-network - - backend: - image: maestrops/backend:latest - env_file: - - backend/.env - networks: - - app-network - expose: - - "8000" - labels: - - traefik.enable=true - # HTTP Router - - "traefik.http.routers.backend-http.rule=((Host(`{{ frontend_domain }}`) || Host(`www.{{ frontend_domain }}`)) && (PathPrefix(`/api`) || PathPrefix(`/redoc`) || PathPrefix(`/docs`)))" - - "traefik.http.routers.backend-http.entrypoints=web" - - "traefik.http.services.backend-http.loadbalancer.server.port=8000" - # www to non-www redirect - - "traefik.http.routers.backend-https.middlewares=www-to-non-www" - # HTTPS Router - - "traefik.http.routers.backend-https.rule=(Host(`{{ frontend_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/redoc`) || PathPrefix(`/docs`)))" - - "traefik.http.routers.backend-https.entrypoints=websecure" - - "traefik.http.routers.backend-https.tls.certresolver=letsencryptresolver" - - depends_on: - - db - - db: - image: postgres:13 - environment: - POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password - POSTGRES_USER: app - 
POSTGRES_DB: app - expose: - - "5432" - secrets: - - postgres_password - networks: - - app-network - - adminer: - image: adminer - restart: always - expose: - - "8080" - environment: - ADMINER_DEFAULT_SERVER: db - labels: - - traefik.enable=true - # HTTP Router - - "traefik.http.routers.adminer-http.rule=Host(`{{ db_domain }}`) || Host(`www.{{ db_domain }}`)" - - "traefik.http.routers.adminer-http.entrypoints=web" - - "traefik.http.services.adminer.loadbalancer.server.port=8080" - # www to non-www redirect - - "traefik.http.routers.adminer-https.middlewares=www-to-non-www" - # HTTPS Router - - "traefik.http.routers.adminer-https.rule=Host(`{{ db_domain }}`) || Host(`www.{{ db_domain }}`)" - - "traefik.http.routers.adminer-https.entrypoints=websecure" - - "traefik.http.routers.adminer-https.tls.certresolver=letsencryptresolver" - networks: - - app-network - - traefik: - image: traefik:v2.10.1 - restart: unless-stopped - command: - - "--entrypoints.web.address=:80" - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.websecure.address=:443" - - "--providers.docker=true" - - "--providers.docker.exposedByDefault=false" - - "--api" - - "--certificatesresolvers.letsencryptresolver.acme.email={{ cert_email }}" - - "--certificatesresolvers.letsencryptresolver.acme.storage=/acme.json" - - "--certificatesresolvers.letsencryptresolver.acme.tlschallenge=true" - - "--accesslog=true" - - "--log.level=ERROR" - ports: - - 80:80 - - 443:443 - expose: - - "8080" - volumes: - - /etc/localtime:/etc/localtime:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - ./traefik/acme.json:/acme.json - labels: - - "traefik.enable=true" - # HTTP Router - - "traefik.http.routers.traefik-http.rule=Host(`{{ traefik_domain }}`) || Host(`www.{{ traefik_domain }}`)" - - "traefik.http.routers.traefik-http.entrypoints=web" - - "traefik.http.services.traefik-http.loadbalancer.server.port=8080" - # www to 
non-www redirect - - "traefik.http.routers.traefik-https.middlewares=www-to-non-www" - # HTTP to HTTPS redirect - - "traefik.http.middlewares.www-to-non-www.redirectregex.regex=^https?://www\\.(.+)" - - "traefik.http.middlewares.www-to-non-www.redirectregex.replacement=https://$1" - - "traefik.http.middlewares.www-to-non-www.redirectregex.permanent=true" - # HTTPS Router - - "traefik.http.routers.traefik-https.rule=Host(`{{ traefik_domain }}`) || Host(`www.{{ traefik_domain }}`)" - - "traefik.http.routers.traefik-https.entrypoints=websecure" - - "traefik.http.routers.traefik-https.service=api@internal" - - "traefik.http.routers.traefik-https.tls.certresolver=letsencryptresolver" - networks: - - app-network - - monitor-network - -networks: - app-network: - external: true - monitor-network: - external: true -volumes: - postgres_data: -secrets: - postgres_password: - environment: "POSTGRES_PASSWORD" - diff --git a/ansible/roles/docker_compose/tasks/main.yml b/ansible/roles/docker_compose/tasks/main.yml index cbf262d..b66132e 100644 --- a/ansible/roles/docker_compose/tasks/main.yml +++ b/ansible/roles/docker_compose/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Run main Docker Compose shell: | - sleep 180 - docker compose -f compose.monitoring.yml up -d + sleep 80 + docker compose -f compose.monitoring.yml up -d --force-recreate args: chdir: /home/ubuntu diff --git a/ansible/roles/docker_setup/tasks/main.yml b/ansible/roles/docker_setup/tasks/main.yml index 9b3d898..268b3ae 100644 --- a/ansible/roles/docker_setup/tasks/main.yml +++ b/ansible/roles/docker_setup/tasks/main.yml 
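Review bot: The new `sleep 80` is still a fixed delay standing in for a readiness condition; shortening it from 180 only narrows the window in which `docker compose up` races whatever it was waiting for (the hunk does not show what that is), and the added `--force-recreate` makes every playbook run tear down and recreate the monitoring containers, so the task is never idempotent and restarts a healthy stack on each deploy. I would replace the sleep with an explicit wait (`ansible.builtin.wait_for` on the port or socket being waited on, or `until`/`retries` around a `docker info` check) and run the stack through `community.docker.docker_compose_v2` with `state: present`, which recreates only containers whose definition changed; the `community.docker` collection is already used by the docker_setup role in this same commit.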
@@ -35,6 +35,19 @@ state: started enabled: true +- name: Add user to the Docker group + command: usermod -aG docker ubuntu + become: yes # Required to ensure the command runs with elevated privileges + +- name: Apply Docker group changes for the current session + shell: | + newgrp docker << END + exit + END + args: + executable: /bin/bash + become: yes + - name: Create app-network community.docker.docker_network: name: app-network diff --git a/ansible/roles/file_structure/tasks/main.yml b/ansible/roles/file_structure/tasks/main.yml index f7217b8..9c2edc0 100644 --- a/ansible/roles/file_structure/tasks/main.yml +++ b/ansible/roles/file_structure/tasks/main.yml @@ -4,6 +4,8 @@ path: "{{ item }}" state: directory mode: '0755' + owner: ubuntu + group: ubuntu loop: - /home/ubuntu/monitoring - /home/ubuntu/traefik diff --git a/terraform/bkp.terraform.tfvars.k b/terraform/bkp.terraform.tfvars.k index 84cc9e3..b822580 100644 --- a/terraform/bkp.terraform.tfvars.k +++ b/terraform/bkp.terraform.tfvars.k @@ -9,6 +9,7 @@ frontend_domain = "cv1.drintech.online" db_domain = "db.cv1.drintech.online" traefik_domain = "traefik.cv1.drintech.online" cert_email = "admin@example.com" # replace with a valid email +volume_size = 15 Let's move on just a test \ No newline at end of file diff --git a/terraform/ec2.tf b/terraform/ec2.tf index 6a1b191..5fb0ffa 100644 --- a/terraform/ec2.tf +++ b/terraform/ec2.tf @@ -8,6 +8,10 @@ resource "aws_instance" "ec2" { Name = var.ec2_name } + root_block_device { + volume_size = var.volume_size + } + provisioner "local-exec" { command = "echo 'Instance provisioned: ${self.public_ip}'" } diff --git a/terraform/variables.tf b/terraform/variables.tf index 3a053bd..bf16846 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
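Review bot: The "Apply Docker group changes for the current session" task is a no-op: `newgrp docker` starts a subshell that immediately runs `exit`, and the group membership of the Ansible SSH session, and of every later task, is unchanged, so nothing in the play gains from it and it should be removed. The `usermod -aG docker ubuntu` task itself deserves a second look: membership in the `docker` group gives root-equivalent control of the host through the daemon socket, so it should be granted only if a non-root process actually needs it, and the compose tasks in this commit already run under `become`, so they do not. If it is needed, use the idempotent `ansible.builtin.user` module instead of `command` (which reports `changed` on every run) and write `become: true` rather than the `yes` truthy form, which appears in both new tasks.
```yaml
- name: Add user to the Docker group
  ansible.builtin.user:
    name: ubuntu
    groups: docker
    append: true
  become: true
# … the "Apply Docker group changes for the current session" task is dropped …
```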
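Review bot: The new `volume_size = 15` in bkp.terraform.tfvars.k disagrees with the `16` hard-coded in terraform-plan.yml, so whichever of the two is meant to document the intended input, they should agree. The context lines that follow it (`Let's move on`, `just a test`) are not HCL and the file ends without a trailing newline, so this backup cannot be restored by renaming it to `terraform.tfvars` without editing; if it is kept, strip the stray text so it stays a valid tfvars file.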
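Review bot: The new `root_block_device` block in ec2.tf sets only `volume_size`, so encryption and volume type stay at whatever the AMI's block device mapping provides; for a host that runs application containers I would set `encrypted = true` explicitly, one extra line under `volume_size = var.volume_size`, so the root volume is encrypted at rest regardless of the account's EBS default setting. Adding `root_block_device` to an instance that already exists changes the resource; a size increase is, as far as I recall, applied in place by the AWS provider, but a shrink is not possible, so the CI plan output should be read before apply to confirm the change is an update and not a replacement. The enclosing `resource "aws_instance" "ec2"` block starts before the hunk.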
@@ -38,6 +38,12 @@ variable "instance_type" {
   default = "t2.micro"
 }
 
+variable "volume_size" {
+  description = "The size of the EBS volume in GB."
+  type = number
+  default = 15 # Default to 30 GB
+}
+
 variable "key_pair_name" {
   description = "Key pair name for SSH access"
   type = string
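Review bot: The inline comment on the new default contradicts the value: `default = 15 # Default to 30 GB`. Either the comment or the number is stale; if 15 is intended, change it to `default = 15 # root volume size in GB` (or drop the comment, since `description` already gives the unit), and if 30 was intended, the `16` hard-coded in terraform-plan.yml and the `15` in the tfvars backup need updating too. A `validation` block requiring the value to be at least the AMI's root snapshot size would turn an AWS launch-time error into a plan-time one, because a root volume smaller than its snapshot cannot be launched; the exact minimum depends on the AMI and is not visible here.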